Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S942236AbcJ1PWO (ORCPT <rfc822;w@1wt.eu>);
        Fri, 28 Oct 2016 11:22:14 -0400
Received: from nm3-vm1.bullet.mail.ne1.yahoo.com ([98.138.91.53]:41932 "EHLO
        nm3-vm1.bullet.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S941931AbcJ1PWM (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Oct 2016 11:22:12 -0400
X-Yahoo-Newman-Id: 594144.36992.bm@smtp224.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: pot1Vo0VM1kM5jdtYfip.biEtTo0YLnftwG8Qah5xKE6Tm5
 sLjD26qWGqhzyMnIl7qKelUkj4W7rdgGpz3FgdZYJCF0TCeIX1mRDOMvDTi3
 TvCZ5r4bH2_EwSIi4JcBKtbB5CgagmMNEl6aUnKq_c1XD.X0anXBm39JQPgv
 qphp4yczVcgqO8.WvCgv_tC0Gyic1H8b7DeIzx7n69y3z180JQ0jxNZg4rG5
 qYuuH_ufARfF.85GRmcOB4BAtnHScfKsCV0nud0Y5h4jxYx244BzVHGGbfuU
 vKX60YXcsyUoqKmqZt_8THb995WC91pURXrhN_VizdF2xzcDbH.vy6NSAD2a
 k0TWRmi3pD3uN_Yl791WfenHwJiCuHcxX.ABeCc4HkmoQn3J3osMxO78v84a
 g107EBMXMaB9uv9o3tl6wG6QYIe3SUrScWlMplHHLl1bjidglrquXjW0bKpq
 48tY.dSOxcH3Wt4jx2T9JNwGQU2DdXi2gY_k4w2D1EG_1hZudY9aWIEDI6qe
 xq0s86hhUdD6e0OGbp5tvUWx7XnBiy.WiKNsRdI.k.BFL8Sv7yj_LzAI-
X-Yahoo-SMTP: OIJXglSswBDfgLtXluJ6wiAYv6_cnw--
Subject: Re: [PATCH v6 0/3] LSM: security module information improvements
To: James Morris <jmorris@namei.org>
References: <00f80c77-9623-7e9e-8980-63b362a4f16c@schaufler-ca.com>
 <alpine.LRH.2.20.1610280928280.15246@namei.org>
 <575cbfd2-e05b-83a9-faed-d07011c8bd5e@schaufler-ca.com>
 <alpine.LRH.2.20.1610282023110.13327@namei.org>
Cc: LSM <linux-security-module@vger.kernel.org>,
        John Johansen <john.johansen@canonical.com>,
        Paul Moore <paul@paul-moore.com>, Kees Cook <keescook@chromium.org>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        LKLM <linux-kernel@vger.kernel.org>
From: Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <7606f7b6-c4e0-4897-83bc-2b67abb55a2f@schaufler-ca.com>
Date: Fri, 28 Oct 2016 08:22:09 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.20.1610282023110.13327@namei.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1002
Lines: 25

On 10/28/2016 2:28 AM, James Morris wrote:
> On Thu, 27 Oct 2016, Casey Schaufler wrote:
>
>> The 3/3 patch is forward looking, I'll admit. Userspace
>> can start getting ready for the combined format in
>> advance of multiple major modules. When complete module
>> stacking patches are available I don't want to be addressing
>> "no userspace is set up to handle that" if at all possible.
>> I don't want to be Chicken or Egged to death. The attr/context
>> would be the ideal thing for the id command to report, as
>> the format would always be the same and identify the module(s).
> We do not add speculative infrastructure to the kernel.

Fair enough. Development for the attr/context interface
in userspace can be done out of tree.

There is support for the other two patches, and I would
very much like to see them accepted.

>
> There is no consensus that we need major module stacking, and some of the 
> technical issues (network secids, for example) are also as yet unresolved.
>
>
> - James